this post was submitted on 10 Jul 2023
167 points (100.0% liked)
Beehaw Support
2796 readers
1 users here now
Support and meta community for Beehaw. Ask your questions about the community, technical issues, and other such things here.
A brief FAQ for lurkers and new users can be found here.
Our September 2024 financial update is here.
For a refresher on our philosophy, see also What is Beehaw?, The spirit of the rules, and Beehaw is a Community
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Surely it's not really any different to any other website's admin having their account hacked/their password socially engineered? It's not an inherent flaw in the fediverse as a whole, just a human issue.
EDIT: see @Zephyrix's comment below. It was a security flaw.
This was not a social engineering. It was a JavaScript injection that stole browser cookies, bypassing password changes and 2FA.
However, it seems lemmy.world was running a custom version of the UI. So it's possible that it only affected their instance. Hard to say at this point.
Oh, well in that case it's a little more concerning. But I don't expect it to be a long-term issue. It certainly isn't a serious blow to my confidence in the security of the fediverse, that's for sure! It being a somewhat minor breach may be a blessing, also; it means there'll almost certainly be more of a focus on security going forward before something more serious happens.